From 27b3fd68f67b674440d21ea7ca5cf918d2e1559f Mon Sep 17 00:00:00 2001 From: Rich Felker Date: Wed, 4 Jan 2017 22:54:06 -0500 Subject: fix crash from corrupted tls module list after failed dlopen commit d56460c939c94a6c547abe8238f442b8de10bfbd introduced this regression as part of splitting the tls module list out of the dso list. the new code added to dlopen's failure path to undo the changes adding the partially-loaded libraries reset the tls_tail pointer correctly, but did not clear its link to the next list entry. thus, at least until the next successful dlopen, the list was not terminated but ended with an invalid next pointer, which __copy_tls attempted to follow when a new thread was created. patch by Mikael Vidstedt. --- ldso/dynlink.c | 1 + 1 file changed, 1 insertion(+) (limited to 'ldso/dynlink.c') diff --git a/ldso/dynlink.c b/ldso/dynlink.c index c6890845..48dcd1c2 100644 --- a/ldso/dynlink.c +++ b/ldso/dynlink.c @@ -1686,6 +1686,7 @@ void *dlopen(const char *file, int mode) } if (!orig_tls_tail) libc.tls_head = 0; tls_tail = orig_tls_tail; + if (tls_tail) tls_tail->next = 0; tls_cnt = orig_tls_cnt; tls_offset = orig_tls_offset; tls_align = orig_tls_align; -- cgit v1.2.1